Wanna see something scary ?

[Dan White]

It scared the beans out of me when I found this code in a manifest I am tasked to update / refactor.

Does this look as outrageously wrong to you all as it looks to me ?

Variable names have been edited to protect the guilty

class role::one {

  hiera_include('profile::aa')

  hiera_include('profile::bb')

  hiera_include('profile::cc')

}

...and then in common.yaml:

profile::aa :

  - syslog

  - ttys

  - ...(continues)

“Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.”  (Bill Waterson: Calvin & Hobbes)

[Neil]

Whilst I don't like it, I'm intrigued as to what is scaring you?

Looks like someone has modelled profiles in hiera/yaml rather than saying

include profile::aa

  and having

class profile::aa () {
  include syslog
  include ttys
....
Perhaps they just felt like it?

If you trust people puppet you are trusting them with the resources the manifests are applied to. Probably best if they don't scare you ;)

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/6abd7a96-10c9-4668-9996-e8a25917b1d7%40me.com.
For more options, visit https://groups.google.com/d/optout.

[Dan White]

From https://docs.puppetlabs.com/references/latest/function.html#hierainclude

To use hiera_include,  the following configuration is required: 

• A key name to use for classes, e.g. classes.

• A line in the puppet sites.pp file (e.g. /etc/puppetlabs/puppet/manifests/sites.pp) reading hiera_include('classes'). Note that this line must be outside any node definition and below any top-scope variables in use for Hiera lookups.

(My italics)

<my_opinion>

The way hiera_include is being used is just asking for unexpected effects.

</my_opinion>

In the immortal words of Dennis Miller, "Of course that's just my opinion, I could be wrong."

“Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.”  (Bill Waterson: Calvin & Hobbes)

To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAAohVBeW%2BEAFE5H%2BJ6q%3DyQH%2BfUKxJdAjJ7E8y%2Bh_jrRN%3D9d-cA%40mail.gmail.com.

[Neil - Puppet List]

Their use of hiera_include is spaghetti codish and horrid. But a lot of puppet code is.
For a framework to be flexible enough without supporting such horrors is seemingly impossible.
You are right to be concerned.
If it were me I'd redo them as puppet classes and see if that looks better. I'm not sure it really changes much other than appearing less scary.

Everything I say is my opinion ;)

To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/0406ec23-790d-4e0a-80de-da62fdf941be%40me.com.

[R.I.Pienaar]

----- Original Message -----
> From: "Dan White" <d_e_...@icloud.com>
> To: "puppet-users" <puppet...@googlegroups.com>
> Sent: Tuesday, June 16, 2015 9:09:54 PM
> Subject: Re: [Puppet Users] Wanna see something scary ?

> From https://docs.puppetlabs.com/references/latest/function.html#hierainclude
>
> To use hiera_include,  the following configuration is required:
>
> • A key name to use for classes, e.g. classes.
> • A line in the puppet sites.pp file (e.g.
> /etc/puppetlabs/puppet/manifests/sites.pp) reading hiera_include('classes').
> Note that this line must be outside any node definition and below any top-scope
> variables in use for Hiera lookups.
>
> (My italics)

The documentation is certainly overstating the need for this, it works best that
way in cases where people do like:

node default {
$stuff_in_the_hierarchy = "foo"
hiera_include("x")
}

but once you understand that there really is no reason not to put it elsewhere.

To be clear, all that hiera_include() does is:

include(hiera_array("x")) neither hiera_array() or include() has issues with where
they are run and they both behave in predictable ways when used in classes.

I wrote hiera_include() because include() back in the day didnt take an array, thats
all.

The documentation is overstating it and people are reading too much into it :)

[Cristian Falcas]

We're using hiera_include here because we want different classes on different environments.

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/390611328.90197.1434528163071.JavaMail.zimbra%40devco.net.

[jcbollinger]

On Tuesday, June 16, 2015 at 12:11:15 PM UTC-5, LinuxDan wrote:

It scared the beans out of me when I found this code in a manifest I am tasked to update / refactor.

Does this look as outrageously wrong to you all as it looks to me ?

No.

 

Variable names have been edited to protect the guilty

class role::one {

  hiera_include('profile::aa')

  hiera_include('profile::bb')

  hiera_include('profile::cc')

}

...and then in common.yaml:

profile::aa :

  - syslog

  - ttys

  - ...(continues)

This is functionally equivalent to

class role::one {

  include 'profile::aa'

  include 'profile::bb'

  include 'profile::cc'

}

...and then in module "profile":

class profile::aa {

  include 'syslog'

  include 'ttys'

  # ...(continues)

}

I don't see why the former should be considered "wrong", and certainly not why you think it outrageously so.  I can't judge its technical merits very well out of its context and in such an abstract form, but it doesn't look like a big deal to me.


John